Name: What We Learned From Honeypotting Attackers in the Cloud
Start: 2023-07-12T18:00:00Z
End: 2023-07-12T18:00:48.000Z
Location: BrightTALK
Rating: 4.5

Orca Security is the industry-leading Cloud Security Platform that identifies, prioritizes, and remediates security risks and compliance issues across your cloud estate spanning AWS, Azure, Google Cloud and Kubernetes.

In this webinar, our panelists will discuss how generative AI and large language models can
help strengthen cloud security in a way that previously wasn’t possible. Orca has partnered with
AWS to integrate their Amazon Bedrock AI service into the Orca Cloud Security Platform to automatically
generate remediation steps and code, dramatically reducing MTTR (Mean Time to Resolution). Join us to delve deeper into how generative AI is helping reduce workloads and accelerating outcomes in the field of cloud security, as well as how to manage your AI security posture.

In this webinar we will discuss:
● How Orca integrated Amazon Bedrock to automatically generate remediation steps and
code.
● AI is empowering security teams to respond to and remediate issues faster than ever
before
● Practical use cases where AI is already helping to improve cloud security
●  How organizations can keep their AI models secure

Enhancing Cloud Security with Generative AI - Orca Security and AWS

As the adoption of AI models explodes, it’s important that security is not overlooked. Since AI models often include sensitive data and intellectual property in their training data, these cloud resources are at an even greater potential risk than other resources. Our expert speakers will discuss the specific challenges of AI security and how to manage your AI security posture without hindering innovation.

In this webinar you will learn:

- How widespread AI development is right now
- What AI risks are most pressing now
- What challenges are involved in addressing these risks
- How AI Security Posture Management works

AI Security Posture Management Explained

Join our expert Chief Information Security Officers (CISOs) as they delve into the key findings from Orca Security's 2024 State of Cloud Security Report, compiled by the Orca Research Pod by analyzing billions of cloud assets in real-world environments.

Moderated by Andy Ellis, our panelists will explore:
- The most impactful statistics highlighted in the report
- How the report findings compare to their real-world experiences
- The biggest cloud security challenges facing security leaders in 2024
- How to enhance cloud security, even when resources are constrained

Bios:
Yoav Alon is a security veteran with 12+ years of experience, and is recognized on Microsoft Security Response Center’s Most Valuable Research List (BlackHat 2019). Prior to joining Orca Security, he was a researcher and team leader at Unit 8200 (the Israeli NSA), a chief architect at Hyperwise Security, and a security architect at Check Point Software Technologies. Yoav holds a BSc in Computer Science from the Open University of Israel. In his spare time, Yoav enjoys hunting for vulnerabilities. Yoav can be found on LinkedIn & Twitter.

Dave Lewis has 30 years of experience in IT security operations and management. Dave has held senior security roles at Akamai, IBM, Duo Security, Cisco and AMD. He founded the security site Liquidmatrix Security Digest and is currently a member of the board of directors for BSides Las Vegas. Previously, he served on the board of directors for (ISC)2, and was a founder of BSides Toronto conference. Dave was a DEFCON speaker operations goon for 13 years, and serves on the advisory board for the Black Hat Sector Security Conference and the CFP review board for 44CON. Dave has written for Forbes, CSO Online, Huffington Post, The Daily Swig, and more. For fun, he is a curator of small mammals (his kids) plays bass guitar, grills, and is part owner of a whisky distillery as well as a soccer team. You can find him on LinkedIn.

CISO Fireside Chat: 2024 State of Cloud Security Report

In this webinar we will learn about the vulnerability recently discovered by Hunters’ Team Axon called DeleFriend - what it is, how it is exploited, and what you can do to protect yourself from it. More than just a series of slides we’ll have the threat researchers demonstrate the vulnerability and breach a demo environment.  We shall see that Google Workspace depends on Google Cloud Platform and why you need to rigorously protect yourself across both. We’ll discuss attacks on Google Cloud Platform and Google Workspace as well as a live demo of the exploit. 

Key takeaways:
- How GCP and Google Workspace are interconnected
- How to detect and prevent this demonstrated attack
- What you need to do to protect yourself from this exploitable vulnerability

Exploring a Severe Design Weakness in Google Workspace - Hunters & Orca Security

In this webinar, our panelists will discuss how AI and large language models such as ChatGPT and Azure OpenAI can contribute to cloud security in a way that previously wasn’t possible. While AI isn’t new, organizations are increasingly applying AI to solve complex issues that are hard to replicate by humans. This is resulting in reduced daily workloads for security practitioners and DevOps teams, as well as more robust cloud security postures.

In this webinar we will discuss:
- How AI is empowering security teams to respond to and remediate issues faster than ever before
- Practical use cases where AI is already helping to improve cloud security
- New AI applications that we can expect in the future

Learn more: https://orca.security/platform/ai-cloud-security/

Unleashing the Power of Generative AI: Accelerating Cloud Security

A loophole in Google Kubernetes Engine (GKE) - dubbed ‘Sys:All’ - could allow an attacker with any Google account to take over a GKE cluster, potentially leading to serious security incidents such as cryptomining, denial of service, and sensitive data theft. The loophole stems from a likely widespread misconception that the system:authenticated group in GKE includes only verified and deterministic identities, whereas in fact, it includes any Google authenticated account (even outside the organization). This misunderstanding could then create a serious weakness when the system:authenticated group is assigned overly permissive roles.

Learn from our speakers as they deep-dive into the details of the GKE loophole, provide the results of our initial reconnaissance research in the wild, and provide practical recommendations on how to make sure your organization is not vulnerable.

In this webcast, we’ll cover:
- What the ‘Sys:All’ GKE loophole is
- How we managed to find thousands of vulnerable GKE clusters
- How to protect against this loophole

Learn more: 
https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/
https://orca.security/resources/research-pod/sys-all-google-kubernetes-engine-risk/

Get a Demo of the Orca Security Platforn: https://orca.security/demo/

How A Loophole Could Allow Attackers to Penetrate Thousands of GKE Clusters

We'll discuss the benefits of cloud security democratization and how generative AI and large language models such as ChatGPT and Azure OpenAI are contributing to this important initiative. By making cloud security accessible to not only security teams, but also developers, DevOps and governance and risk teams, organizations can empower stakeholders to make security-driven decisions, leading to reduced friction and improved cloud security postures. 

You'll learn:
  •  Why cloud security democratization is important
  •  How AI-driven cloud security empowers stakeholders across the organization
  •  Practical use cases where AI is helping improve cloud security postures

We’ll also demo how the Orca platform democratizes cloud security by delivering intuitive, AI-driven cloud asset search, remediation and user permissions management.

Democratizing Cloud Security with GenAI

Have a cloud security question? Our monthly Orca LIVE: Ask the Experts sessions are available to answer your toughest questions, get expert takes on hot topics, and expand your cloud security network. In this session, Advanced Cloud Security Tactics Manager Roi Nisimi joins Neil Carpenter and Ashley Ward to discuss a new vulnerability his team discovered, specifically, how unauthenticated access to GCP Dataproc can lead to a data leak. 

Register for the next live session here: https://try.orca.security/ask-the-experts.html?utm_source=brighttalk&utm_medium=webinar&utm_campaign=23-q4-cloud-security-live-experts-dec-wbr

Orca LIVE: Ask the Experts - GCP Dataproc Vulnerability

Do security concerns and mountains of alerts keep your team up at night? Learn how your security organization can more efficiently identify, prioritize, and remediate cloud security risks and maintain compliance with Orca Security and Amazon Web Services (AWS). 

Learn more at: https://orca.security/

Secure your Cloud Environment and Achieve Compliance

The financial services industry faces strict regulatory compliance requirements, including PCI DSS, GDPR, SOC 2, and more. With multi-cloud environments growing in complexity, security teams are struggling to keep up with ever-evolving compliance mandates. In this fireside chat, we'll talk to Paidy, a BNPL provider in Japan acquired by PayPal in 2021, and a FinTech leader in delivering cardless payments and other financial services through the cloud. We’ll cover how Paidy successfully manages regulatory compliance for their large-scale cloud environment and the lessons they learned along the way. 

Key takeaways:
- How to overcome compliance challenges related to multi-cloud environments and costly in-house solutions
- Delivering cloud-native applications and scaling at the speed of the cloud, without compromising compliance
- How tool consolidation is helping streamline cloud security operations

FinServ Cloud Compliance: Paidy’s Lessons From the Trenches

Join us to gain an understanding of risks and threats that uniquely impact containers and Kubernetes. 

In this panel discussion, we'll explore:
 •  How containerization affects application, platform, and cloud security concerns
 •  Walking through risks to the apps running in the containers
 •  The possibilities of an escape from the container workload to the host and the orchestrator
 •  The potential for this to lead to a bigger compromise of the cloud estate
 •  Addressing strategies for mitigating these risks and detecting possible issues

Understanding How Containers & Kubernetes Change Your Threat Models

With many organizations deploying multiple cloud accounts and providers, new opportunities arise for bad actors to exploit the increased attack surface and security loopholes.

In this webinar, we explore the phenomenon of cross-account and cross-provider cloud attacks, how multi-cloud attack path analysis can detect these security gaps, and how teams can prioritize attack paths, remediating the most critical ones first.

You’ll learn:
 •  How bad actors can ‘hop’ from one cloud provider to another to reach their end target
 •  The role of multi-cloud attack path analysis in detecting these threats
 •  How Orca can help teams prioritize attack paths and remediate strategically

Defend Against Multi-Cloud Attack Paths

As the cloud security landscape evolves and threats become more complex, cloud security vendors continue to innovate. But what sets these security solutions apart? And which features are most impactful?

Join Orca Security’s Keith Mokris, VP of Product Marketing and Neil Carpenter, Principal Technical Evangelist as they meet with special guest Chris Ray, Cyber Security Analyst, GigaOm, for a discussion about what’s driving companies to adopt cloud security, as well as the advanced security features and trends to start tracking now. 

You’ll walk away with an overview of:
- GigaOm’s 2023 Cloud Security Posture Management (CSPM) market analysis
- Key criteria for evaluating cloud security solutions
- How Orca’s approach is differentiated

Curious about how your team can benefit from deploying CSPM? Don’t miss this webinar.

Born in the Cloud: Cloud Security for the Modern Organization

We'll discuss the benefits of cloud security democratization and how generative AI and large language models such as ChatGPT and Azure OpenAI are contributing to this important initiative. By making cloud security accessible to not only security teams, but also developers, DevOps and governance and risk teams, organizations can empower stakeholders to make security-driven decisions, leading to reduced friction and improved cloud security postures. 

You'll learn:
  •  Why cloud security democratization is important
  •  How AI-driven cloud security empowers stakeholders across the organization
  •  Practical use cases where AI is helping improve cloud security postures

We’ll also demo how the Orca platform democratizes cloud security by delivering intuitive, AI-driven cloud asset search, remediation and user permissions management.

Bring your burning AI questions!

Democratizing Cloud Security With Generative AI

Melinda Marks, Senior Analyst at Enterprise Strategy Group (ESG), reports that, in a recent cloud security posture management (CSPM) study, 1 in 7 businesses are placing 40% of their applications in public clouds—and that number is expected to double in 2 years.

This wave of continuous cloud adoption necessitates a revised security approach, as managing risk, mitigating visibility issues, and establishing consistency of controls becomes more difficult as you grow your CSP ecosystem. 

This forthcoming Fireside Chat with Melinda Marks, Orca’s VP Product Marketing Keith Mokris, and Principal Technical Evangelist Ashley Ward will illuminate current CSPM trends, as well as top challenges and best practices for managing cloud security risk.

Register for the session—live on September 14th at 1pm EST—to join the discussion, which also covers:
• How can you strategically manage security risk during cloud migration?
• Cloud infrastructure entitlement management (CIEM) trends
• Explanation of how Orca is helping customers with CIEM and CSPM
• And much more

How to Build a Cloud Security Strategy That Scales

Financial services and technology organizations are the stewards of sensitive personal and financial data, and protecting that data is a common concern when it comes to cloud adoption. With the right combination of cloud provider and security, you can deliver financial services in the cloud that are secure and compliant without impacting performance or end-user experience.The Orca Cloud Security Platform delivers comprehensive coverage and visibility of risks across every layer of your AWS estate, enabling financial services and financial technology organizations to quickly prioritize risk, achieve compliance, and keep their businesses secure.

Join us to learn:
- About the threat landscape impacting the financial services & technology sector
- How to protect sensitive financial data, PII, and infrastructure in the cloud
- How to achieve continuous industry-standard compliance 

As the AWS Global Security Partner of the Year, Orca is committed to working closely with you and AWS to secure your cloud estate with our single unified platform. Find out more: https://orca.security/partners/technology/amazon-web-services

Protect Sensitive Financial Data and Achieve Compliance with Orca Security & AWS

According to Gartner®, “By 2026, 80% of enterprises will have consolidated security tooling for the life cycle protection of cloud-native applications to three or fewer vendors, down from an average of 10 in 2022.” What does the unification of siloed tools like CWPP, CSPM, and CIEM mean for security teams? 

Join Neil Carpenter, Principal Technical Evangelist, Orca Security, and Vivek Menon, VP & CISO, Digital Turbine, to learn how Digital Turbine uses a CNAPP to secure its cloud estate. They’ll cover:
- Challenges in securing cloud native applications
- How CNAPPs continue to evolve to offer different features and functionality
- Requirements for evaluating CNAPPs

Neil and Vivek will also discuss findings from the 2023 Gartner Market Guide for Cloud Native Application Protection Platforms. Curious about how a CNAPP can provide complete and centralized visibility of your cloud infrastructure? Don’t miss this webinar!

Gartner, Market Guide for Cloud-Native Application Protection Platforms, Neil MacDonald, Charlie Winckless, and Dale Koeppen, 14 March, 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Oh CNAPP! What to Know About Securing Cloud Native Applications

Bad.Build is a critical vulnerability discovered by the Orca Research Pod in the Google Cloud Build CI/CD service, which enables attackers to gain unauthorized access to code and images in Artifact Registry. The flaw presents a significant supply chain risk since it allows the injection of malicious code into applications, which could then be downloaded and installed by customers and partners.

Learn from our speakers as they deep-dive into the anatomy of Bad.Build and provide practical recommendations on how to fortify your defenses around the use of the Google Cloud Build service.

In this webcast, we’ll cover:
 •  The steps that led to the Bad.Build discovery
 •  A live demonstration of the Proof of Concept exploit, which includes Privilege Escalation and Remote Code Execution
 •  Recommendations on how to reduce exposure to this risk

How a Google Cloud Vulnerability Creates a Severe Supply Chain Risk

With more and more sensitive information and critical systems residing in the cloud, it's essential for organizations to implement robust security measures to safeguard their cloud assets. However, to do this in an effective manner, it’s critical to understand what attackers are looking for and how they operate.

In this webinar we will discuss the results from the Orca Security ‘2023 Honeypotting in the Cloud Report’, offering important insights into what attracts potential attackers as well as the tactics and techniques they use. 

In this session, you’ll learn:
 •  How quickly discoverable vulnerable assets are on GitHub, HTTP, SSH, S3 Buckets, etc.
 •  Resources bad actors are more likely to attack
 •  Advice on secrets management, authentication, malicious process monitoring, and more.

What We Learned From Honeypotting Attackers in the Cloud

Cloud

Cloud Security

Cyber Security

Risk Mitigation

Cyber Defence

Threat Management

IT Security

Vulnerability Management

Threat Analysis

Secure Cloud

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

What We Learned From Honeypotting Attackers in the Cloud

Presented by

About this talk

More from this channel